SigmaHQ

mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 02:08:54 +00:00

Author	SHA1	Message	Date
Florian Roth	1ec9473472	Merge pull request #1687 from SigmaHQ/rule-devel Rule adjustments and new Serv-U exploitation rules	2021-07-14 08:59:33 +02:00
Florian Roth	5e2e6c9b72	Merge branch 'config-adjustments' into rule-devel	2021-07-14 08:35:47 +02:00
Florian Roth	e0f166aba2	rule: Serv-U exploitation https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/	2021-07-14 08:35:25 +02:00
Florian Roth	85d47aeabc	Merge pull request #1678 from frack113/redcanary_t1228 Some Redcanary T1228	2021-07-14 08:18:52 +02:00
Florian Roth	9fce0fb42d	Merge pull request #1680 from phantinuss/master medium level Rule for Windows Defender Exclusions	2021-07-14 08:18:39 +02:00
Florian Roth	3faef2d94a	Merge pull request #1681 from frack113/redcanary_t1228_v2 Redcanary t1228 end	2021-07-14 08:18:23 +02:00
Florian Roth	f8afbf62aa	Merge pull request #1682 from w0rk3r/master Remove Field Value Wildcard in ALA Backend	2021-07-14 08:18:08 +02:00
G Y	aacb5f767c	Update winlogbeat-modules-enabled.yml Update mapping for EventID and TargetObject.	2021-07-14 11:01:45 +08:00
Jonhnathan	f6e7fc446f	Remove Wildcard	2021-07-13 11:21:12 -03:00
$frack113$ frack113	8b14dc6c99	fix [colons] too many spaces after colon	2021-07-13 14:42:47 +02:00
$frack113$ frack113	c00dd0bf65	add win_susp_athremotefxvgpudisablementcommand.yml	2021-07-13 14:29:00 +02:00
$frack113$ frack113	6d1e8268ba	update win_workflow_compiler.yml	2021-07-13 13:55:27 +02:00
phantinuss	bf9b82fc45	medium level rule for Windows Defender Exclusions	2021-07-13 13:16:25 +02:00
$frack113$ frack113	6b9466ec20	Add process_creation_protocolhandler_suspicious_file.yml	2021-07-13 12:19:07 +02:00
$frack113$ frack113	33832acf5b	fix Error: [colons] too many spaces before colon	2021-07-13 10:09:52 +02:00
$frack113$ frack113	c2d9b05191	Add process_creation_infdefaultinstall.yml	2021-07-13 09:56:34 +02:00
$frack113$ frack113	fd377fe163	update process_creation_syncappvpublishingserver_execute_arbitrary_powershell	2021-07-13 09:45:46 +02:00
Thomas Patzke	82b8b6890f	Merge pull request #1663 from heyibrahimkhan/patch-4 Create ala-azure-ad_auditlogs.yml	2021-07-12 23:37:55 +02:00
Thomas Patzke	294a405481	Merge pull request #1662 from heyibrahimkhan/patch-3 Create ala-azure-activitylogs.yml	2021-07-12 23:37:46 +02:00
Thomas Patzke	98165cdd09	Merge pull request #1661 from heyibrahimkhan/patch-2 Create ecs-azure-ad_auditlogs.yml	2021-07-12 23:37:37 +02:00
Thomas Patzke	a73c371c66	Merge pull request #1672 from mf1d3l:splunkdm_backend SplunkDM Backend: Splunk datamodels accelerated searches support	2021-07-12 23:05:51 +02:00
Florian Roth	3761cd1b34	Merge pull request #1660 from heyibrahimkhan/patch-1 Create ecs-azure-activitylogs.yml	2021-07-12 17:42:49 +02:00
$frack113$ frack113	82f666c5da	add process_creation_syncappvpublishingserver_execute_arbitrary_powershell.yml	2021-07-12 16:17:40 +02:00
$frack113$ frack113	d6a86a3fa0	add T1218 sysmon_creation_mavinject_dll.yml	2021-07-12 16:08:18 +02:00
Florian Roth	730e9eb883	Merge pull request #1667 from leegengyu/patch-10 Update winlogbeat-modules-enabled.yml - Imphash Field	2021-07-12 15:37:33 +02:00
Florian Roth	ac7270ff32	Merge pull request #1669 from leegengyu/patch-11 Update winlogbeat.yml - Imphash Field	2021-07-12 15:37:00 +02:00
Florian Roth	a16ce3b828	Merge pull request #1673 from frack113/ecs Add mapping for auditbeat and filebeat	2021-07-12 15:36:07 +02:00
Florian Roth	382d5b2adb	Merge pull request #1674 from frack113/fix_small_errors Fix some typo error	2021-07-12 15:23:55 +02:00
Florian Roth	682e0458a3	Merge pull request #1675 from frack113/redcanary_attack.t1562.001 Atomic Red team T1562.001	2021-07-12 15:23:35 +02:00
Florian Roth	677c53a262	Merge pull request #1676 from d4rk-d4nph3/master Added latest McAfee zloader's reference for Office Security Settings …	2021-07-12 14:02:49 +02:00
Bhabesh Rai	1fc5ec981d	Added latest McAfee zloader's reference for Office Security Settings Changed	2021-07-12 16:56:21 +05:45
$frack113$ frack113	a96678d725	test 21 to 24 from https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1562.001/T1562.001.md	2021-07-12 10:54:44 +02:00
Florian Roth	7f071d7851	Merge pull request #1554 from mlp1515/master Update win_multiple_suspicious_cli.yml	2021-07-12 10:43:26 +02:00
Thomas Patzke	0b83c12dd1	Merge branch 'devel-tp'	2021-07-12 10:21:19 +02:00
$frack113$ frack113	af140ebf84	fix some typo error	2021-07-12 09:40:18 +02:00
$frack113$ frack113	b6d2ec33cc	Add mapping for auditbeat and filebeat	2021-07-12 09:00:57 +02:00
Thomas Patzke	176514bd7a	New rule: suspicious spoolsv child process	2021-07-12 08:48:59 +02:00
Thomas Patzke	0b590aba5d	Adjusted Spool Service DLL load rule	2021-07-11 09:29:43 +02:00
Thomas Patzke	6d41d538b2	Title fixed	2021-07-11 09:25:33 +02:00
Florian Roth	58a634b0b6	Merge branch 'master' into master	2021-07-11 00:32:55 +02:00
mf1d3l	9005b58649	extend cim	2021-07-10 23:06:29 +02:00
mf1d3l	681accf2ba	add splunkdm to Makefile	2021-07-10 22:23:15 +02:00
mf1d3l	0271bc6b13	clean	2021-07-10 22:13:09 +02:00
mf1d3l	b986ed0716	extend cim	2021-07-10 19:02:24 +02:00
G Y	bdb77780b3	Update winlogbeat.yml Change Imphash's value as current one does not exist without the Sysmon processor module under Winlogbeat.	2021-07-10 11:37:36 +08:00
G Y	cb2985df75	Update winlogbeat-modules-enabled.yml Replaced mapping for Imphash (based on Winlogbeat's Sysmon processor module).	2021-07-10 10:51:05 +08:00
mfidel	ffadd110cb	Update splunkdm.py	2021-07-10 00:03:41 +02:00
mfidel	82f8412988	Update splunkdm.py	2021-07-10 00:02:33 +02:00
mf1d3l	368388a7e6	Add Splunk Datamodel backend	2021-07-09 23:18:17 +02:00
Florian Roth	99b0d32cec	Merge pull request #1666 from frack113/issue_1658 Domain Trust Discovery - 2 Duplicate Rules	2021-07-09 19:17:10 +02:00

... 2 3 4 5 6 ...

6840 Commits